diff options
author | Simo Sorce <simo@redhat.com> | 2014-04-13 01:45:42 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2014-05-04 17:21:06 -0400 |
commit | 0af4f35f01fef417b42fbad0a9ad774043d898be (patch) | |
tree | 56e1b29d187ef00f68a68e7aaca4d124f8df7bbe | |
parent | 21307dc11da9a5cf75167e125aae5c8afa9d6e9d (diff) | |
download | gss-ntlmssp-0af4f35f01fef417b42fbad0a9ad774043d898be.tar.gz gss-ntlmssp-0af4f35f01fef417b42fbad0a9ad774043d898be.tar.xz gss-ntlmssp-0af4f35f01fef417b42fbad0a9ad774043d898be.zip |
Make MIC conditional on integrity being requested
If integrity is requested by any party then the MIC, if requested by the
server will be generated, otherwise it will not be.
-rw-r--r-- | src/gss_sec_ctx.c | 3 | ||||
-rw-r--r-- | src/ntlm.c | 2 | ||||
-rw-r--r-- | src/ntlm.h | 4 |
3 files changed, 6 insertions, 3 deletions
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c index 92dd981..4400bc7 100644 --- a/src/gss_sec_ctx.c +++ b/src/gss_sec_ctx.c @@ -400,7 +400,8 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status, &target_info, server_name, &client_target_info, - &srv_time, &add_mic); + &srv_time, + protect ? &add_mic: NULL); if (retmin) { if (retmin == ERR_DECODE) { retmaj = GSS_S_DEFECTIVE_TOKEN; @@ -832,7 +832,7 @@ int ntlm_process_target_info(struct ntlm_ctx *ctx, /* the server did not send the timestamp, use current time */ if (srv_time == 0) { srv_time = ntlm_timestamp_now(); - } else { + } else if (add_mic) { av_flags |= MSVAVFLAGS_MIC_PRESENT; *add_mic = true; } @@ -518,7 +518,9 @@ int ntlm_decode_target_info(struct ntlm_ctx *ctx, struct ntlm_buffer *buffer, * @param server The Client Supplied Server Name if available * @param out The processed target_info buffer * @param out_srv_time A 64 bit FILETIME timestamp - * @param add_mic Whether the caller should generate a MIC + * @param add_mic A pointer to a boolean. If NULL MIC flags will + * not be set, otherwise if allowed the MIC flag + * will be set and true will be returned. * * @return 0 if everyting parses correctly, or an error code */ |